Sustainable data destruction: the public sector can do better
Every year, government organizations around the world spend hundreds of millions of dollars on the physical destruction and repurchase of perfectly good IT equipment. Secure data destruction solutions exist, however, that are more cost effective, environmentally friendly and cyber secure.
What are the financial and environmental impacts of the physical destruction of data and equipment? What examples of commitment to sustainable alternatives could the public sector show?
Today, electronics has the “fastest growing waste stream in the world,” according to the international study E-Waste monitor.
According to the document co-authored by UN training programs and the International Telecommunication Union, the world generated 53.6 billion metric tons (Mt) of electronic waste in 2019.
1.362 Mt of electronic waste in France
For countries with a formal waste management system, collection and recycling rates remain relatively low, the study adds.
Of the 1.362 Mt produced in France (21 kg per capita), 742,000 tonnes (2017 figures) were collected and recycled.
“Due to the slow adoption of collection and recycling, externalities – such as resource consumption, greenhouse gas emissions, and the release of toxic substances, such as mercury, during informal recycling – illustrate the problem of staying within sustainable limits (…), which is not without risks to the environment and human health,” says the E-Waste monitor.
For Yves Gheeraert, Blancco’s Director for Benelux, France and Southern Europe, this unnecessary destruction also increases operating and hardware costs for private and public companies.
“Public administrations are contributing to the increase in e-waste, while budgetary constraints and the Climate Plan are prompting them to be more careful in their environmental management,” he notes.
Exorbitant destruction costs
According to a recent study by Blancco Technology Group, the French government and public sector organizations spend €6.41 million on the physical destruction of technologies that are still often functional. Another €4.24 million is spent on replacement costs.
The price of the physical destruction of the SSDs (Solid-State Drives) alone would be 2.17 million euros.
Large-scale data storage devices, SSDs exist as external devices, and are also found in the cloud, in laptops and desktops, and in multifunction printers (MFPs).
Blancco’s survey was conducted independently by Coleman Parkes Research in December 2021 and January 2022, with 596 public officials from nine countries: the United States, Canada, the United Kingdom, France, Germany, Japan, Singapore, India, and Australia.
In France, the 70 respondents-representing 25 percent of government entities (regional and local headquarters)-“reported destroying an overall average of 1,748 SSDs per year, the highest of any country surveyed,” the paper said.
For many of the respondents, “the physical destruction of SSDs containing classified data is mandated by law”. And more than half believe it is “more cost-effective and secure than other data erasure solutions,” wrongly so, according to the study.
In addition, internal policies of government organizations often mandate physical destruction of equipment at the end of its life, either out of convenience, out of an abundance of caution – to make classified or secret data permanently irretrievable – or out of ignorance of the details of the security policy that allows for non-destructive options.
However, these practices also rub off on small and medium-sized enterprises and private companies, suppliers and customers, who are subject to the same rules as public bodies dealing with highly sensitive information.
So for Yves Gheeraert, it is increasingly urgent to consider sustainable alternatives that extend the lifespan of devices, that ensure the absolute security of end-of-life data stored on SSDs through secure erasure, and that would allow utilities to reduce their carbon footprint and expenses.
“With the acceleration of privacy and data protection laws, cyber threats, increased emphasis on environmental sustainability and the rapid acceleration of data transformation, it is necessary to consider all options allowed by existing regulations to create policies that fit the current government technology landscape,” he advocates.
“It is at the legislative or regulatory level where widespread change can occur – and where countries can align public sector data security needs with local, national and international sustainability goals.”
Key points of the Blancco study for France
36% of respondents say that physical destruction of SSDs containing classified data is required by law. Therefore, they destroy them “just in case”.
52% consider physical destruction to be more cost-effective than other erasure solutions. This is the highest figure of all countries surveyed.
Nearly a third (30%) of respondents are not aware of alternative erasure methods. This is the highest figure of all the countries surveyed.
32% of respondents believe that there are no alternative certified/approved vendors or solutions.
48% of respondents said they physically destroy the disks, as this approach would be more secure compared to alternative data erasure solutions. At the same time, only 7% “strongly agree” that they have complete confidence in the destruction process in place at their organization (40% “slightly agree”).
36% of the devices or single disks are sent off-site for physical destruction.
- Operational security
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty
- Digital transition